OpenClaw Has 500,000 Internet-Facing Instances — and Three Unpatched CVEs
OpenClaw has quietly crossed a threshold that security researchers say changes its risk calculus: roughly half a million internet-facing instances now run the open-source AI agent framework, and three high-severity CVEs remain unpatched on a large share of those instances. The milestone, reported by VentureBeat from findings presented at RSAC 2026, puts OpenClaw in rare company: a widely deployed infrastructure layer with no enterprise fleet-management mechanism and no kill switch for rapid response to critical vulnerabilities.
The absence of a centralised patch-delivery path is the detail that has security teams most concerned. Researchers from Cisco, Palo Alto Networks, and Cato CTRL all flagged the issue at RSAC, noting that the open-source community model that drove OpenClaw's adoption is precisely the thing that makes coordinated remediation so difficult. With 500,000 exposed instances, even a modest exploitation rate of known vulnerabilities could produce significant real-world impact before the majority of operators become aware a patch exists.
For enterprise security and DevOps teams, the story is a prompt to audit inventory: find every OpenClaw instance, record its version and whether it is reachable from the internet, and compare those versions against the published advisories. OpenClaw is no longer a niche developer curiosity; it is infrastructure, and it carries the responsibilities that come with that status. Version hygiene, network segmentation, and active CVE monitoring are now table stakes for any organisation running instances at scale.
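As an added illustration of that audit (example code written for this page, not part of OpenClaw or of any vendor tooling), the script below takes an inventory you already hold, parses each reported version, and flags hosts that predate the fix for one or more advisories, listing internet-facing hosts first. The advisory labels, fixed-in versions and inventory entries are all constructed placeholders, not real OpenClaw version numbers or CVE identifiers; substitute the versions from the actual advisories. Two caveats a practitioner would want are built in: a pre-release such as `1.5.0-rc1` is treated as older than `1.5.0`, so it does not count as carrying the fix, and a host whose version cannot be parsed is reported rather than silently assumed patched.

```python
import re
from dataclasses import dataclass

# Accepts "1.4.2", "v1.4.2", "1.4.2-rc1", "1.4.2+build7"; anything else is unknown.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)


def parse_version(text):
    """Return a sortable key (major, minor, patch, release_flag) or None.

    release_flag is 0 for pre-releases and 1 for final releases, so that
    1.5.0-rc1 sorts below 1.5.0: a release candidate does not carry the fix.
    Build metadata (+...) is ignored, as semver requires.
    """
    if not isinstance(text, str):
        return None
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, pre, _build = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


@dataclass(frozen=True)
class Advisory:
    ident: str       # placeholder label for this example, not a real CVE id
    fixed_in: tuple  # first version key that carries the fix


def affected_by(version_key, advisories):
    """Labels of every advisory whose fix this version predates."""
    return [a.ident for a in advisories if version_key < a.fixed_in]


def audit(inventory, advisories):
    """Return {host: {"exposed": bool, "reasons": [...]}} for hosts needing attention.

    Hosts whose version cannot be parsed are reported with "unknown-version",
    because an unknown version must not be assumed patched.
    """
    findings = {}
    for host, meta in inventory.items():
        key = parse_version(meta.get("version"))
        reasons = ["unknown-version"] if key is None else affected_by(key, advisories)
        if reasons:
            findings[host] = {
                "exposed": bool(meta.get("internet_facing")),
                "reasons": reasons,
            }
    return findings


def prioritised(findings):
    """Hosts ordered internet-facing first, then by outstanding advisory count."""
    return sorted(
        findings,
        key=lambda h: (not findings[h]["exposed"], -len(findings[h]["reasons"]), h),
    )


# Constructed sample data for this example; versions and labels are illustrative only.
ADVISORIES = [
    Advisory("advisory-A", parse_version("1.4.2")),
    Advisory("advisory-B", parse_version("1.5.0")),
    Advisory("advisory-C", parse_version("2.0.1")),
]

INVENTORY = {
    "agent-01": {"version": "1.4.1", "internet_facing": True},
    "agent-02": {"version": "v2.0.1", "internet_facing": True},
    "agent-03": {"version": "1.5.0-rc1", "internet_facing": False},
    "agent-04": {"version": None, "internet_facing": True},
    "agent-05": {"version": "2.1.0+build7", "internet_facing": False},
}

if __name__ == "__main__":
    results = audit(INVENTORY, ADVISORIES)
    for host in prioritised(results):
        f = results[host]
        print(f"{host}: exposed={f['exposed']} outstanding={','.join(f['reasons'])}")
```

The script audits an inventory; it does not discover instances. Hosts that are reachable from the internet but absent from the inventory are exactly the ones this approach misses, so pair it with an external attack-surface scan before trusting the count.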